Your message dated Thu, 30 May 2019 11:20:13 +0000
with message-id <e1hwj6t-00083k...@fasolo.debian.org>
and subject line Bug#929017: fixed in mutt 1.10.1-2.1
has caused the Debian Bug report #929017,
regarding mutt: undefined behavior on huge integer in a RFC 2231 header
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
929017: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929017
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: mutt
Version: 1.10.1-2
Severity: serious
Tags: security upstream fixed-upstream
The rfc2231.c file contains:

      index = atoi (s);

where the string s is part of a RFC 2231 parameter in a header. For
instance, if in a message (invalid, but which can occur due to spam,
attack, etc.), one has:

Content-Disposition: inline;
  filename*17="na";
  filename*999999999999999999999999999999="me"

atoi() will be called on the string "999999999999999999999999999999",
which is undefined behavior and may have security implications
depending on the atoi() implementation.

I've just fixed this issue in the following commit:

  https://gitlab.com/muttmua/mutt/commit/3b6f6b829718ec8a7cf3eb6997d86e83e6c38567

-- Package-specific info:
Mutt 1.11.4+211 (79563636) vl-117499 (2019-05-13)
Copyright (C) 1996-2016 Michael R. Elkins and others.
Mutt comes with ABSOLUTELY NO WARRANTY; for details type `mutt -vv'.
Mutt is free software, and you are welcome to redistribute it
under certain conditions; type `mutt -vv' for details.
System: Linux 4.19.0-5-amd64 (x86_64)
ncurses: ncurses 6.1.20181013 (compiled with 6.1)
libidn: 1.33 (compiled with 1.33)
Configure options: '--prefix=/home/vlefevre'
'--exec-prefix=/home/vlefevre/x86_64' '--enable-debug' '--enable-pop'
'--enable-imap' '--with-ssl' '--enable-compressed'
'--with-exec-shell=/home/vlefevre/bin/sh.screen' '--enable-gpgme'
'--with-system-dotlock=/usr/bin/mutt_dotlock' 'CC=gcc' 'CFLAGS=-g -O3
-march=native -fsanitize=undefined -fno-sanitize-recover'
Compilation CFLAGS: -Wall -pedantic -Wno-long-long -g -O3 -march=native
-fsanitize=undefined -fno-sanitize-recover
-- System Information:
Debian Release: 10.0
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500,
'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-5-amd64 (SMP w/12 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=POSIX
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
-- no debconf information
--- End Message ---
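
The report above turns on the fact that atoi() has undefined behavior when the value does not fit in an int, whereas strtol() has a defined overflow result (LONG_MAX with errno set to ERANGE). The following is an added example, not code from mutt and not the upstream commit: parse_section_index() and MAX_SECTION are hypothetical names, and the input is assumed to be the text that follows '*' in a parameter name such as filename*17.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical cap on continuation sections; not a value from mutt or RFC 2231. */
#define MAX_SECTION 9999

/* Parse the decimal section number that follows '*' in an RFC 2231
 * parameter name. Returns 0 and stores the index on success, -1 if the
 * text is not a plain, in-range decimal number (*out is left untouched). */
int parse_section_index(const char *s, int *out)
{
    char *end;
    long v;

    /* strtol() would accept leading whitespace and a sign; a section number has neither. */
    if (s == NULL || !isdigit((unsigned char)*s))
        return -1;

    errno = 0;
    v = strtol(s, &end, 10);          /* overflow is defined: LONG_MAX + ERANGE */
    if (errno == ERANGE)
        return -1;
    if (*end != '\0' && *end != '*')  /* a trailing '*' marks an encoded section */
        return -1;
    if (v > MAX_SECTION)              /* also guarantees the value fits in an int */
        return -1;

    *out = (int)v;
    return 0;
}

int main(void)
{
    /* Constructed inputs: the two indices from the report plus malformed ones. */
    const char *samples[] = { "17", "999999999999999999999999999999",
                              "0*", "-1", "12x", "" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        int idx = -1;
        int rc = parse_section_index(samples[i], &idx);
        printf("%-32s -> %s (index=%d)\n", samples[i],
               rc == 0 ? "ok" : "rejected", idx);
    }
    return 0;
}
```

Building a parser like this with -fsanitize=undefined, as in the CFLAGS quoted in the report, is one way to have signed-overflow and similar defects abort at the point they occur during testing.
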
--- Begin Message ---
Source: mutt
Source-Version: 1.10.1-2.1
We believe that the bug you reported is fixed in the latest version of
mutt, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 929...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Chris Lamb <la...@debian.org> (supplier of updated mutt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
Format: 1.8
Date: Sat, 25 May 2019 09:57:12 +0100
Source: mutt
Binary: mutt mutt-dbgsym
Architecture: source amd64
Version: 1.10.1-2.1
Distribution: unstable
Urgency: medium
Maintainer: Mutt maintainers <m...@packages.debian.org>
Changed-By: Chris Lamb <la...@debian.org>
Description:
mutt - text-based mailreader supporting MIME, GPG, PGP and threading
Closes: 929017
Changes:
 mutt (1.10.1-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Apply patch from upstream to prevent undefined behaviour when
     parsing invalid Content-Disposition mail headers. The atoi() function was
     being called on a number which can potentially overflow and thus can have
     security implications depending on the atoi() implementation.
     (Closes: #929017)
--- End Message ---